[Gruppo-web] Disappointed by Canonical SysAdmin Team behaviour

Andrea Colangelo warp10 a debian.org
Gio 30 Ott 2014 14:29:27 GMT 

Dears all,

we regret to write this email, but we can no longer tolerate problems
like the ones we're describing below.

Today, we noticed Italian Community web page [0] is not reachable, and a
403 Forbidden error is displayed instead. This was not triggered by any
change made by our Website Team, so we investigated the problem with the
Canoncal Sysadmins.

Riccardo Padovani, the spokeperson of the Italian Website Team, reached
the Canonical Sysadmins, here's an excerpt of the chat they had via IRC:

<rpadovani> moon127, we have a forbidden advice on every page of
http://www.ubuntu-it.org. No changes on our side in last hours, could
you take a look please?
<moon127> rpadovani, we detected an update from Drupal 7.31 to 7.32
recently which did not seem to have been initiated by our guys and taken
down as a precaution due to https://www.drupal.org/PSA-2014-003 - we
have people investigating currently.
<rpadovani> moon127, indeed, the update is not from your guys because
drupal is managed by us on lp and then sync on server by cron
<rpadovani> Here my commit for Drupal 7.32
<rpadovani>
https://bazaar.launchpad.net/~ubuntu-it-www/ubuntu-it-www/www-repo/revision/191

The Drupal update was prepared by Riccardo a few hours after the Drupal
Security Bulletin [1] was issued, so the website was no longer
vulnerable due to the prompt reaction of Riccardo and the Italian
Website Team.

Nobody stepped in and warned us that the SysAdmin Team was going to turn
off the website for "precaution purposes". Neither any members of the
Website Team nor any members of the Italian LoCo Team got a notice.
Also, nobody checked whether the site was actually affected by the
vulnerability described in [1], it has been taken down without any
check. Considering how many daily visits our website gets, this looks
like an irresponsible course of action. We consider this approach not
acceptable at all, especially for a service so important for our
Community.

This is just the latest issue we had while interacting with the
Canonical SysAdmin Team (evidence of this can be found in the tickets we
filed on [2]), and we are fed up of this. We are grateful of the help we
get from Canonical in hosting our websites and many other services,
nevertheless we feel the need of a better communication among us.

Also, our website is still down as we are sending this email. We kindly
ask you to provide us with your support to solve these problems as soon
as possible.

[0] http://www.ubuntu-it.org/
[1] https://www.drupal.org/SA-CORE-2014-005
[2] https://rt.ubuntu.com

Thank you for your co-operation,

Andrea Colangelo
on the behalf of the Italian LoCo Team


-- 
Andrea Colangelo                      |   http://andreacolangelo.com
Debian Developer <warp10 a debian.org>  |   Ubuntu Developer <warp10 a ubuntu.com>
-------------- parte successiva --------------
Un allegato non testuale è stato rimosso....
Nome:        non disponibile
Tipo:        application/pgp-signature
Dimensione:  819 bytes
Descrizione: Digital signature
URL:         <http://liste.ubuntu-it.org/pipermail/gruppo-web/attachments/20141030/b4861cda/attachment.pgp>

Maggiori informazioni sulla lista Gruppo-web